- wp_die(__("You are not allowed to be here"));
-
-// upload type: image, video, file, ..?
-if ( isset($_GET['type']) )
- $type = strval($_GET['type']);
-else
- $type = apply_filters('media_upload_default_type', 'file');
-
-// tab: gallery, library, or type-specific
-if ( isset($_GET['tab']) )
- $tab = strval($_GET['tab']);
-else
- $tab = apply_filters('media_upload_default_tab', 'type');
-
-$body_id = 'media-upload';
-
-// let the action code decide how to handle the request
-if ( $tab == 'type' )
- do_action("media_upload_$type");
-else
- do_action("media_upload_$tab");
-
-?>
+ wp_die( __( 'Cheatin’ uh?' ) );
+
+ if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
+ wp_die( __( 'Cheatin’ uh?' ) );
+
+ // upload type: image, video, file, ..?
+ if ( isset($_GET['type']) )
+ $type = strval($_GET['type']);
+ else
+ $type = apply_filters('media_upload_default_type', 'file');
+
+ // tab: gallery, library, or type-specific
+ if ( isset($_GET['tab']) )
+ $tab = strval($_GET['tab']);
+ else
+ $tab = apply_filters('media_upload_default_tab', 'type');
+
+ $body_id = 'media-upload';
+
+ // let the action code decide how to handle the request
+ if ( $tab == 'type' || $tab == 'type_url' || ! array_key_exists( $tab , media_upload_tabs() ) )
+ do_action("media_upload_$type");
+ else
+ do_action("media_upload_$tab");